Data (Use and Access) Act 2025 and the NHS 10-Year Plan
As discussed in our previous article, the Data (Use and Access) Bill 2024–25, which received Royal Assent on 19 June 2025 and is therefore now the Data (Use and Access) Act 2025 (the Act), aims to transform the handling and sharing of data within the NHS and care sectors. Its healthcare-focused provisions – Schedule 15 and Section 121 –impose mandatory information standards for IT suppliers engaging with the NHS, with the ultimate goals of improving clinical outcomes, enhancing patient safety, reducing duplication, and streamlining care delivery. However, these specific provisions currently lack a commencement date and supplementary regulations, leaving room for questions as to their specific implementation.
In this article, as part of our series reviewing the aims of the NHS 10-Year Plan (the Plan), we have reviewed the Plan in light of the Act to identify any references, overlaps, or points of alignment.
While the Plan does not directly reference the Act, many of the Act’s objectives are mirrored in the strategic priorities outlined in the Plan. Below, we explore these connections and highlight areas where IT suppliers and NHS providers should take note.
Alignment Between the NHS 10-Year Plan and the Data (Use and Access) Act 2025
The Plan sets an ambitious goal: transforming the NHS into “the most digitally accessible health system in the world.” The Plan’s vision for healthcare reform includes a significant drive to digitise the NHS’ infrastructure, reduce inefficiencies, and improve the sharing of information across care settings. These priorities closely align with the aims of the Act.
- From Analogue to Digital: Single Patient Record
The Plan’s proposal to implement a Single Patient Record (SPR) is central to its digital ambitions. The SPR aims to create a single, unified record of health data for each patient, accessible by healthcare professionals (with patient consent). The SPR aims to reduce duplication, improve care quality, and streamline access to patient information across different care settings.
This concept strongly aligns with the Act’s emphasis on mandatory information standards for IT suppliers, which are designed to facilitate interoperability and seamless data sharing across health systems. In the Plan, the government commits to introducing legislation to require health and care organisations to make patient information accessible to patients and other professionals, which could be seen as complementary to the regulatory framework envisioned by the Act.
Key takeaway: Although the Plan does not explicitly reference the Act, it is reasonable to anticipate that the mandatory information standards introduced by the Act may form a foundation for SPR implementation.
- Transformative “Big Bets” on Technology
The Plan identifies five transformative technologies – data, AI, genomics, wearables, and robotics – as the focus of structural reforms to transform healthcare delivery. Central to this is that “by 2035 health data will flow seamlessly and securely”, which the Plan identifies as critical to better care, patient empowerment, and research innovation.
The Plan’s focus on high-quality health data working seamlessly across different systems or platforms echoes the Act’s overarching aim of making data more accessible. In particular, “Big Bet 1”, which seeks to enable seamless data sharing and coordination through initiatives such as the Health Data Research Service (HDRS), reflects the same ethos as the Act. HDRS will make de-identified NHS data available to scientists, research and entrepreneurs to improve research and innovation, similar to the Act’s ambition of creating conditions where data empowers innovation in care and treatment.
Key takeaway: IT providers implementing components of the “big bets” outlined in the Plan – such as federated data platforms, AI-powered tools, and genomics – will likely need to ensure compliance with the Act’s information standards once its provisions take effect.
- Driving Interoperability Through IT Standards
The Plan references throughout the importance of interoperability in supporting its digital transformation agenda. The Plan’s digital initiatives, from the NHS app to AI tools, aim to integrate systems and securely share data across care services. These objectives are consistent with the Act’s requirement for IT service suppliers to adopt standardised information standards.
Key takeaway: IT suppliers bidding to deliver systems integral to NHS digital reform should remain alert to the potential role of the Act’s provisions in defining future compliance.
How We Can Help You
Although the elements of the Act relating to information standards are not yet operational (and we await news on timing in that regard), organisations providing IT services to the NHS should start considering preparations for future compliance and the potential implications on any product development/roadmaps. The mandatory information standards, once introduced, are likely to impact elements of the Plan’s reforms, such as the Single Patient Record, Health Data Research Service, or AI-powered digital tools.
Key considerations:
- How will mandatory standards under the Act shape IT system requirements for the Single Patient Record, federated data sharing and interoperability?
- What will the consequences be (legal and commercial) for failing to comply with standards post-enactment?
- How should IT Suppliers future-proof their systems to align with both the Plan’s priorities and impending regulations?
Our team will be able to help navigate the evolving legal and compliance landscape. This will include helping procurement teams with inclusion of required information standards in ITT documentation, and NHS Providers and IT suppliers with adapting IT services agreements as both the Plan and the Act’s provisions continue to take shape.